Member table carries 3 crucial fields:
userID – PK
username – unique
eMail – unique
In settings area, users can change their email address as long as the newly input email address doesn’t exist in db. I expect many users would request changing their usernames.
It would be great to allow users to change their usernames, but its a risky option and totally unsafe. For example, it could be a great opportunity for a scammer to play his/her game! Then change the username and carry on deceiving members! This is what i’m concerned about. Another problem, if a user is famous and well known then he/she changed the username! A scammer could pick the dropped username and then play his/her game.
Assuming the website is a general classified ads that has some features of forums.
My current solution is i do the changing for them (assuming there aren’t too many requests). However, their previous username will available for others to register. Is this how its done practically/formally?
You’re trying to deal with a social or people problem with a technical solution, which never really works for long.
In my opinion, here is your best plan of action:
You will be unable to prevent spammers and scammers 100%, but you can make their work hard enough that your site is no longer “easy money” and they’ll go find some other low-hanging fruit.